The National Institute of Standards and Technology should focus on developing an “analytical tool” enabling entities to assess cyber threats on a monetized basis, according to the president of the Internet Security Alliance, as NIST continues probing the use of NIST cybersecurity framework metrics.

“The next step in the evolution of the NIST CSF shouldn’t be to identify which elements of the CSF are cost-effective in general, but to develop an analytical tool that will enable individual entities to assess their unique threats on a monetized basis and assess which elements of the CSF will be most cost-effective in addressing them,” ISA president Larry Clinton writes in a Wednesday blog post.

Clinton says the development of such a tool is the “missing link” between cyber threats, the standards contained in the cybersecurity framework, and the need to address such threats in a sustainable manner….SOURCE